From 1fe96a070c1a61c28aa4f435aee16c1a9c7a72a6 Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Fri, 18 Mar 2016 16:20:24 +0100
Subject: [PATCH] set default ksk instead of zsk algorithm

---
 pdns/common_startup.cc | 4 ++--
 pdns/pdns.conf-dist    | 4 ++--
 pdns/pdnsutil.cc       | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 26f0624272..f6bb460696 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -170,9 +170,9 @@ void declareArguments()
 
   ::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes";
   ::arg().setSwitch("direct-dnskey","Fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
-  ::arg().set("default-ksk-algorithms","Default KSK algorithms")="";
+  ::arg().set("default-ksk-algorithms","Default KSK algorithms")="ecdsa256";
   ::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
-  ::arg().set("default-zsk-algorithms","Default ZSK algorithms")="ecdsa256";
+  ::arg().set("default-zsk-algorithms","Default ZSK algorithms")="";
   ::arg().set("default-zsk-size","Default ZSK size (0 means default)")="0";
   ::arg().set("max-nsec3-iterations","Limit the number of NSEC3 hash iterations")="500"; // RFC5155 10.3
 
diff --git a/pdns/pdns.conf-dist b/pdns/pdns.conf-dist
index 7f977ab2ff..888396f92c 100644
--- a/pdns/pdns.conf-dist
+++ b/pdns/pdns.conf-dist
@@ -107,7 +107,7 @@
 #################################
 # default-ksk-algorithms	Default KSK algorithms
 #
-# default-ksk-algorithms=
+# default-ksk-algorithms=ecdsa256
 
 #################################
 # default-ksk-size	Default KSK size (0 means default)
@@ -142,7 +142,7 @@
 #################################
 # default-zsk-algorithms	Default ZSK algorithms
 #
-# default-zsk-algorithms=ecdsa256
+# default-zsk-algorithms=
 
 #################################
 # default-zsk-size	Default ZSK size (0 means default)
diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index ebd16ed205..710da1b6cd 100644
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -77,9 +77,9 @@ void loadMainConfig(const std::string& configdir)
   string configname=::arg()["config-dir"]+"/"+s_programname+".conf";
   cleanSlashes(configname);
 
-  ::arg().set("default-ksk-algorithms","Default KSK algorithms")="";
+  ::arg().set("default-ksk-algorithms","Default KSK algorithms")="ecdsa256";
   ::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
-  ::arg().set("default-zsk-algorithms","Default ZSK algorithms")="ecdsa256";
+  ::arg().set("default-zsk-algorithms","Default ZSK algorithms")="";
   ::arg().set("default-zsk-size","Default ZSK size (0 means default)")="0";
   ::arg().set("default-soa-edit","Default SOA-EDIT value")="";
   ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed zones")="";
-- 
2.47.2